Description
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
Remediation
References
Related Vulnerabilities
WebLogic Improper Input Validation Vulnerability (CVE-2019-12400)
Oracle JRE CVE-2013-2431 Vulnerability (CVE-2013-2431)
WordPress Plugin Podlove Podcast Publisher Cross-Site Request Forgery (3.8.3)
Magento CVE-2019-8122 Vulnerability (CVE-2019-8122)
WordPress Plugin WP Maintenance Mode & Site Under Construction Security Bypass (1.8.1)